Embodiments of the present invention relate generally to methods and systems for presenting information in a user interface of an application and more particularly to controlling access to and presentation of sensitive information.
A wide variety of different applications use sensitive information like credit card information, date of birth, and other personal or otherwise secret or discreet information. Such information is often displayed and/or input through a user interface of the application, such as a webpage presented to and rendered by a user's device such as her desktop computer, laptop, tablet, cellphone, or other device. For example, a user may be required to enter a credit card number and other information through a webpage in order to complete a purchase transaction, or to provide a password and/or other secret information to log on to or access the application or functions of the application. However, users also take some time to input and complete the information on that page when performing transactions. As a result, an over-the-shoulder attack, in which a nearby observer watches and records or remembers the sensitive information, can easily happen, especially when transactions involving sensitive information are carried out in public places.
To prevent such attacks, some applications obscure or mask the sensitive information. For example, when the sensitive information is displayed and/or as it is being entered by the user, this information may be replaced with a character such as an “*” or other replacement character or graphic to hide the sensitive information. However, such an approach is frequently inconvenient for the user. For example, when the user is entering or inputting sensitive information, such as when setting a password, the user may be required to re-enter or confirm the information that is obscured or masked as it is entered. In other cases, this approach may be ineffective in preventing over-the-shoulder attacks. For example, while entering a password on a mobile device, there is a time lag during which the plain text is displayed before it is converted into an “*.” Thus, the plain text of the sensitive information is still available and vulnerable to a nearby observer for a short time. Hence, there is a need for improved methods and systems for controlling access to and presentation of sensitive information.